I am trying to set up SAML Single Sign-On (SSO) with my Django app, but I am getting an error when I try to login to my app.
I go to the app url, Microsoft processes the request (the url displays microsoft.loginonline.com/etc briefly), and then I get redirected to this page:
https://my-app.azurewebsites.net/.auth/login/aad/callback
which displays this error:
{"code":400,"message":"IDX10501: Signature validation failed. Unable to match keys: \nkid: '[PII is hidden]', \ntoken: '[PII is hidden]'."}
The reply url is set to:
https://my-app.azurewebsites.net/.auth/login/aad/callback
I did the set-up following both the Azure docs and following this documentation: https://django-auth-adfs.readthedocs.io, it's ostensibly working on my localhost, just not on the actual azure app service... I am unsure of what I am doing wrong, and the error message is not very informative for me as I am new to back-end programming and cloud.
Any help is appreciated, thanks!
As stated by you, you have configured SAML SSO with Django app in the backend and encountering the said error while logging in. As per the error reported, the ‘PII value is hidden’ due to which the signature keys couldn’t be validated by the AAD. So, you will need to add some strings to your ‘settings.py’ file to notify the Django web app the returned value of token from AAD. Please find the below strings to be added to the respective file: -
Please add the below string to AUTHENTICATION_BACKENDS section in ‘settings.py’ file.
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
After adding the above string to the said file, the app should work and so the SSO too.
Also, please find the below link to a similar thread for your reference: -
JWT token authentication fails with message "PII is hidden"
Thanks
Related
When I am trying to call the API from POSTMAN in Airflow DAG, I am facing a 403 Forbidden error.
I have enabled the headers for basic authentication with the username and password in Postman. In the airflow.cfg file, I have enabled auth_backend = airflow.contrib.auth.backends.password_auth. This error occurs when I attempt to work solely in Postman. When I copy the same URL and try it directly in the browser, I am able to access the link.
I'm having trouble with authorization now that I've enabled authentication.
I attempted to use the curl command but received the same forbidden error.
The airflow version is 1.10.
The basic auth seems fine, it is base64 encoded already. 403 means you are authorized in the application but this specific action is forbidden. In airflow there are different roles admin/dag manager/operator and not all roles are allowed to do DAG operations. Can you specify the user role and operations you try to do? Have in mind that base64 auth string can be easily decoded to plain text and people can see your username and password.
In the picture you have shared the verb you are using is POST, opening the link in tbe browser is probably a GET operation which is different in terms of permissions required.
When I try to authenticate myself and get a token from Azure AD using the "acquire_token_with_username_password" method, I get the following error:
The request body must contain the following parameter: 'client_assertion' or 'client_secret'.
I am passing the client ID in. I read in some other posts that the problem may be that the application should be registered as a "native" app and not a web app, but that posting was 2 years ago and I don't see anywhere on the app properties in Azure to specify it is a native app. I am passing in the IDs in variables via the call:
token = auth_context.acquire_token_with_username_password(resource, username, password, clientId)
and I don't see anywhere in the "acquire_token_with_username_password" where I would pass a client_assertion or client_secret, not to mention I'm not sure what I would put there.
Yes, if the AD App is a Web type, the 'client_assertion' or 'client_secret' is required, just follow the screenshot to set the AD App to public client, i.e. native app, then it will work.
I installed Django Facebook and I am using this method to post to a Page:
from open_facebook.api import OpenFacebook
graph = OpenFacebook("my_access_token")
graph.set('me/feed', message='hello world')
It's working on my local dev machine when I am logged in to my Facebook account. It stops working as soon as I sign out and I get this message:
OAuthException: Error validating access token: The session is invalid because the user logged out. (error code 190)
I got my access token from Graph API Explorer by passing /me/accounts
So the question, how do I make my code work on production when of course I'll not be logged in?
Please note that I'll only be posting to a Page that I own.
If you want to use 'me/feed' offline;
You can use the APP Access Token, once you've authorized the app and call USER_ID/feed to post.
Note: use user_id instead of me- me is only used when a user is in session, but you want to do the action after logout.
To get the app access token,
GET /oauth/access_token?
client_id={app-id}
&client_secret={app-secret}
&grant_type=client_credentials
I am trying make a post on my apps page wall as if it is coming from the app page (not another user) After researching I seem to find no solution that actually works!
I have tried to follow the documentation here:
I then get my 'access_token_page' by getting it from:
https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=CLIENT_SECRET&grant_type=client_credentials
Then using the facebook python api I try:
graph1 = facebook.GraphAPI(access_token_page)
graph1.put_wall_post(fbmessage, attachment, profile_id=APP_PAGE_ID)
However this just returns the following facebook error:
*** GraphAPIError: (#200) The user hasn't authorized the application to perform this action
Any ideas on what I am missing? Remember, I am looking to have the App Page make a post to itself, not have a post be generated from another username.
Thank you!
What you had done is using App Access Token to publish to page.
You should using Page Access Token to post on page admin behalf instead. User Access Token is works too but it's a bug as reported at https://developers.facebook.com/bugs/647340981958249, so it's not recommended to use User Access Token by this time of writing.
As documented at https://developers.facebook.com/docs/reference/api/page/#page_access_tokens:
Page Access Tokens
To perform the following operations as a Page, and not the current
user, you must use the Page's access token, not the user access token
commonly used for reading Graph API objects. This access token can be
retrieved by issuing an HTTP GET to /USER_ID/accounts with the
manage_pages permission.
More info about different type of access token please visit https://developers.facebook.com/docs/facebook-login/access-tokens/
Try Django Facebook:
https://github.com/tschellenbach/Django-facebook
This will deal with many of your API problems.
You need the page access token, see here:
https://developers.facebook.com/docs/facebook-login/access-tokens/
Ask for manage_pages as an extra permission
After getting that setup, simply do:
user_graph = OpenFacebook(user_access_token)
response = user_graph.get('me/accounts')
# turn the response to a dict, and be sure to get the page you want
page_access_token = response['data'][0]['access_token']
graph = OpenFacebook(page_access_token)
graph.set('me/feed', message='helloworld')
You can find more docs here:
http://django-facebook.readthedocs.org/en/latest/open_facebook/api.html
I'm having some troubles getting a custom app installed on my test shop using django and app engine. I downloaded the appropriate zip file on github for the app engine project (https://github.com/shopify/shopify_django_app).
I created the app on the partner admin with the callback url
http://localhost:8000/login/finalize
SHOPIFY_API_KEY = '6a17608.......'
SHOPIFY_API_SECRET = '1fddc.......'
Now I load it up and am greeted by the login page.
Now one of 2 things happen.
I enter https://crooks-and-sons5046.myshopify.com (test shop) and it sends me to the partner login form which I do and login. Then it just redirects me to my stores admin page and it doesn't bring up the install frame like I see on the online demo example.
OR I enter crooks-and-sons5046 and I get a 500 error kicked back from the server that says
Exception Value:
cannot concatenate 'str' and 'NoneType' objects
Exception Location: /Users/timwhitaker/gae/mfshopify/shopify/session.py in
__computed_password, line 87
This is the relevant line
return md5(self.secret + self.token).hexdigest()
My api key and secret key are both entered in the shopify_settings.py so this leads me to believe the token is not being created for the session.
The online demo here https://shopify-django-example.appspot.com/ works perfectly for me and I didn't mess around with any of the files that were in the included zip.
Any ideas?
Is your Shopify App configured to use Legacy or OAuth Authentication? I think the example app zip file for app engine is quite old, so probably only works with Legacy Authentication.
However, the master branch for the shopify_django_app project has been updated to support OAuth with Shopify. That along with the newer version of the shopify_python_api would be needed to be updated to use OAuth Authentication.